
methodology
Consilience: The principle that evidence from different,
unrelated sources can converge on strong conclusions.
assessment
Assess technical vulnerabilities and cybersecurity risk on an enterprise scale
Specify risk-relevant processes, workflows and cultural artifacts that can lead to information compromises
Examine cybersecurity risk in context and in light of business requirements
Create models, frameworks and metrics that enable deeper insights into cybersecurity risk and its implications
Recommend security controls that align with the organizational tolerance for risk
Suggest countermeasures to state-sponsored information collection efforts in high-risk countries
Cybersecurity Risk Assessment
Board Engagement
Enterprise Level Assessment
Security Governance
Root Causes & Systemic Risk Factors
Resilience
Macroscopic Security Controls
Risk-Relevant Organizational Features
Technology & Business Operations Assessment
External View
Internal View
Attack Surface Discovery
Third-Party Dependencies
Vulnerability Scan
Independent Ratings
Recon Tools
Functional Discovery:
Interviews on Business Processes, Cyber and Physical Security Technologies, Information Assets
CIS Controls
Gap Analysis
Basic Hygiene
Foundational
Advanced
ANALYSIS: RISK-RELEVANT OBSERVATIONS, CORRELATIONS, VULNERABILITIES & RECOMMENDATIONS ON REMEDIATION.
ENTERPRISE RISK ASSESSMENT
TECHNICAL RISK ASSESSMENT
Interviews and Model/Metric Formulation
Business Requirement, Operational Constraints and The Tolerance for Security Risk
Interviews and Vulnerability Scans
Approach to Cybersecurity Risk Management
Information Management
IT Administration
Risk-Relevant Organizational Features
External
Attack Surface Discovery
Third-Party Dependencies
Internal
Technical Vulnerabilities
Security Control Gaps
DATA ANALYSIS AND SYNTHESIS
CYBERSECURITY RISK MANAGEMENT AND GOVERNANCE RECOMMENDATIONS